Cyber Security Data – Too Much is Just as Bad as Not Enough

Dino Karanikas joined Talend’s Federal Sales team in 2016. Prior to joining Talend, he ran his own sales consulting company, where he worked with venture capital organizations as well as industry leaders like ArcSight, HPE, CSC, Lockheed Martin and Northrop Grumman. He has developed customized licensing and financing models that led to the execution of the largest deals in the history of the organizations he worked with. Dino attended York College of Pennsylvania, where he studied Management of Information Systems.

Over the past ten years, we have seen a tremendous increase in enterprise-level security products that help organizations find and mitigate a potential breach, anomaly or change, and alert CISOs to it, on or near the networks, devices, clouds and servers that allow an organization to conduct business.

Cyber Security Data Overload

As technology matures, advances in tools like SIEMs, loggers, IPSs and NACs give security analysts useful visibility into what is going on across the organization. Most of these tools are extremely valuable and can provide insight to the security analysts sitting in the SOC. At the same time, they can produce an overload of data and alerts, ultimately causing “alert fatigue.”

This overload of data is just as dangerous to an organization as any potential breach, anomaly or malware that might be on the network. Imagine going to your mailbox every day only to find it stuffed and overflowing with junk mail, brochures and coupons for things you don’t care about (false positives). After some time, you come to expect that most of what is in your mailbox isn’t valuable, and you end up throwing all of it in the trash. Eventually, you throw away something that was important, like that birthday check from Grandma (a real alert, now missed: a false negative). Not only did you throw away the check, but you also upset Grandma (the CISO) because you never called to say “thank you” (incident response).

Let’s take it a step further. Now that you have collected, organized, and normalized the massive amounts of data being generated by every single one of your security tools, what do you do with it?

This is where machine learning steps in to save the day. By applying machine learning to the data you’ve pulled in, you can quickly build a picture of your historical data, correlate events between different security sources, and even predict negative and positive outcomes.

Cyber security, especially at the enterprise level, is a daunting task, to say the least. We must take control of the tools we have and tame them in order to benefit from them. Organizations that are willing to take on this challenge will realize a new-found ROI from their existing security tools. At the same time, they will stay ahead of the ever-evolving threats presented to their organizations.